
Claws, fangs, fur...

...the bear essentials

Criminals, everywhere

You may have noticed that I develop web and desktop applications for a living. Today a bulletin passed through my newsreader, informing the world of YASB (yet another security breach). This time it's Java. Not the coffee... the programming and plug-in environment. The breach is so severe that Sun has released a patch very quickly. Everyone start downloading... and yes! the world is safe once more!

Or is it?

Hundreds of security vulnerabilities are found daily. Keep track of Secunia's security advisories and you'll learn quickly what a sad, sad, virtual world we live in. Operating systems and internet browsers, internet plug-ins and web sites, database systems and programming languages, it's all vulnerable. There's no escape.

What does that say about me?

As stated above, I'm a programmer. I build web sites and stuff. I build what other people try to breach. Those who break my programming do so on purpose. Their mindset is two-fold: their work can be used for good (to improve security) and for bad (to do harm). I work with these people. I provide them with ammunition. They might read my articles and learn from them... after all, my articles are meant to educate.

They are the bad guys, we are the good guys. We may have started out with the same education, we use the same systems, the same languages, and possibly the same tools. We know they exist. They know we exist. We choose to operate in the same area on a daily basis. We caught ourselves in an endless loop: I build, they break, I build, they break, ad infinitum.

Technology is not the answer. Of course programmers like me should be educated properly. (Are we?) Of course old systems should be replaced. (And the same mistakes repeated?) We spend billions on improving security. Can we guarantee safety? Sure... until the next breach. I'm not seeing anything preventing crackers from doing their bit.

Or am I?

Loops can be broken. This one must break. If this game doesn't end, someone's going to pull the plug. Literally. A system alone is a system secure. No input, no output, no harm. Not productive, either. Useless.

Who creates the systems? Humans. Who breaches the systems? Humans. How do we solve it? With means that apply to humans. Preferably a baseball bat. Or, in more cultivated societies, law enforcement.

Cracking applications and using breaches with the intention of doing harm (in the broadest possible sense of the word) is quite illegal in a couple of states and countries. I should find out exactly where. I should strive to make it illegal where it isn't already. I should make this a political issue, where it isn't already.

But I'll start out with acquiring a baseball bat.


Comments

Lorenzo Celsi 18. August 2007, 10:49

I guess there are already too many laws about everything, including computing. I would not be too happy about being a safe slave.

Omega Junior 18. August 2007, 11:02

Would you rather allow hackers to run amok with your bank account?

Lorenzo Celsi 18. August 2007, 12:16

Come on, I am sure you understand the point. Would you like to wake up tomorrow morning and find soldiers at every street corner that ask you your permission to go around? You would be safe from robbers then.

It is a blade with two edges and IMO we have to be careful in calling for the State (or other supreme authorities) to make more laws about our lives. Especially here in Europe, where the idea of "freedom" is blurred.

In Italy several politicians have already proposed to censor the Internet like China to protect people from being exposed to improper content and frauds. Some domains have already been filtered upon a request from a State agency because there were gambling sites. The main phone carrier is spying on millions of telephones upon request from the Law and Police agencies, etc.

I know, a little off topic, but I don't see anything good in the Law coming to see what I am doing with my computer.

Omega Junior 18. August 2007, 12:41

And you'd be right. The important thing is the assumption of innocence. Spying on our actions while innocent is bad.

However, once the crime is committed the guilty party has to be punished, like it happens with most other kinds of criminal behaviour. The drawback of cybercrime has to be greater than the benefits. We already know technology isn't going to save us.

I'm not asking for a change of the justice system. I kind-a like the one in my country. I am asking for a change in the law system, specifically the one that should recognise cybercrime as crime.

Lorenzo Celsi 18. August 2007, 12:55

I don't know about the Netherlands, but here in Italy both the politicians sitting in the Parliament (they make the laws) and the judges sitting in courts (they enforce the laws) know almost nothing about the latest 200 years of technology. Maybe because usually they are people with a "classical studies" background, you know. As a result, it is very unlikely they will ever make/enforce a law that is up-to-date enough to be good and effective. That is another reason why I worry about it. A bad law is more likely to be a problem for me than for the criminals. And I worry about the ultimate/real goal of any law that involves "information", maybe also because I don't trust either my government or the Law in my country.
